I was in a discussion with a buddy of mine and he mentioned a new tool from by Jesse Kornblum that will be released soon called ssDeep along with a paper titled "Identify almost identical files with context trigger piecewise hashing".
Has anyone heard anything about this? Could they provide more details.
Thanks
The guys from Cyber Speak did a interview with Jesse. If you have the time it's worth the listen
I attending his talk at GMU2006. It was very well done. You might contact Jesse and see if he will send you the Powerpoint presentation.
Hey, psu…did you attend any really good presentations there, like Windows memory analysis, or "Tracking USB devices"….??? 😉
any really good presentations there, like Windows memory analysis
I went to the "Windows Memory Analysis". It was good, but the darn instructor kept calling on anyone who so much as flinched when he asked a question…
I think I remember some yeahoo spewing some theories…. P
You and Jesse gave the best most informative of all the sessions I attended.
Barry, it was good to meet you and Paul (Paul emailed me right away about the metadata stuff…) - but you should know that about me; don't expect to get away with just sitting on your a**e in my presentations. 😉
psu86…thanks for the kind words. If I "see" Jesse I'll pass that along.
Thanks. I need to go update my podcasts looking forward to hearing about it.
orie
Anyone got a link to the paper? I found a link on Andreas Schuster's blog but it appears you need to pay for it. Is this the case or am I just being really stupid this morning?
I believe the paper and ssdeep are being released this week at DFRWS in Lafayette, Indiana and it should be available soon on the website.
http//ssdeep.sourceforge.net/